Anti-Phishing / Spear-Phishing script IMPORTANT update

Jules Field MailScanner at ecs.soton.ac.uk
Sun Sep 27 19:09:00 IST 2009



On 26/09/2009 15:51, Mike Wallace wrote:
> Jules,
>
> I have found an anomaly in the beta with the --lint virus scan results.
>
> On a MailScanner box running 4.77.1, when I run MailScanner --lint I 
> get the following for virus checking:
>
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
> =========================================================================== 
>
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> =========================================================================== 
>
>
> On a MailScanner box running 4.78.16 I get the following:
>
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamd
> =========================================================================== 
>
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 1 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 1 viruses
> =========================================================================== 
>
>
>
> Both boxes were built the same way with the only difference being the 
> version of MailScanner installed.
>
> Is this behavior correct?
Looks like a bug-fix to me. There's only 1 infection in the test 
message, so it should only report 1 infection.

Jules.

>
> On Sep 20, 2009, at 4:44 PM, Jules Field wrote:
>
>> Firstly, I'm still here, don't worry :-)
>> Just my day job is really busy at the moment, as we're now in the 
>> run-up to the start of the new academic year, and I have taken on a 
>> load of extra work to ease the strain on the guys who work for me.
>>
>> I'm still intending to do a stable release of MailScanner on 1st 
>> October. So if there's anything important I need to know about the 
>> current version, please tell me in a reply to this message (to the 
>> list is fine, just I can then just check 1 thread).
>>
>> However, the point of this message is to tell you I have updated
>>    http://www.jules.fm/Logbook/files/anti-phishing-v2.html
>> as the location of the original Google-hosted data file has moved to 
>> SourceForge, and so the address of it has changed.
>>
>> If you don't update the script to the new version, it won't be doing 
>> anything at all for you right now.
>>
>> Best regards,
>> Jules.
>>
>> -- 
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> This message has been scanned for viruses and dangerous content by 
>> MailScanner, and is believed to be clean.
>>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list